173x Filetype PPTX File size 1.69 MB Source: samsclass.info
App Security Constraints • Built-in security features of the mobile platform • Possibility of device thef Mobile App Threat Modeling Threat Modeling • A pencil-and-paper exercise • Identifying security risks • Helps developer identify most critical risks • Focus on features and/or controls to mitigate those risks • The alternative is endless, aimless, bug- squashing Threat Modeling Technologies • Microsof Threat Modeling –From 1999 (link Ch 8a) • Trike –Open-source, began in 2006 (link Ch 8b) –More traditional risk management philosophy Threat Modeling Technologies • OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) –From CERT (link Ch 8c) • Cigital Threat Modeling –Based on sofware architecture (link Ch 8d) • P.A.S.T.A. (Process for Attack Simulation and Threat Analysis)
no reviews yet
Please Login to review.